DETAILED ACTION

1. This action is in response to communication: response to election/restriction filed
on 06/04/2007 with acknowledgement of benefit date of 12/05/2002.

2. Claims 1-44 are currently pending in this application. Group II, comprising claims
18, 19, 20-34, 38-41, and 42-44, has been elected.

3. The IDS received 04/30/2004 has been accepted. 

Claim Objections 

Claim 25 is objected to because of the following informalities: As per claim 25, 
the claim recites "wherein the sending step comprises send the at least one 
configuration packet." This should be changed to "wherein the sending step comprises 
sending the at least one configuration packet." 
Appropriate correction is required. 

Drawings 

4. New corrected drawings in compliance with 37 CFR 1.121 (d) are required in this 
application because the drawings submitted are not formal. The submitted drawings 
are hand-drawn. Applicant is advised to employ the services of a competent patent 
draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer 
prepares new drawings. The corrected drawings are required in reply to the Office 
action to avoid abandonment of the application. The requirement for corrected drawings 
will not be held in abeyance.

Claim Rejections - 35 USC § 102

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 18-20, 25-28, 38, 39, and 42 are rejected under 35 U.S.C. 102(e) as 
being clearly anticipated by Simon et al. US Patent Application Publication 
2003/0093691 (hereinafter Simon). 

As per claim 18, Simon teaches a method of providing redundancy in a security 
processing system comprising the steps of: 

Establishing secure packet flow through a first security processor (paragraph 51,
59), modifying security association information associated with the secure packet flow 
(paragraphs 79 and 80; also paragraphs 57-59); sending the modified security 
association information to a second security processor (paragraph 60, 64, 66, 70, 74); 
and rerouting the secure packet flow to flow through the second security processor 
instead of the first security processor (paragraphs 70, abstract, and paragraph 95). 

As per claim 19, Simon teaches wherein the rerouting step is in response to a 
failure of packet flow through the first security processor (abstract, paragraph 79, 
paragraph 95). 



Application/Control Number: 10/619,352 Page 4 

Art Unit: 2134 

As per claim 20, Simon teaches a method of mirroring security association
information comprising the steps of: receiving, by a first security processor, at least one
packet (paragraph 55), modifying security association information associated with the at
least one packet (paragraphs 58-60 and 79-80), storing the modified security
association information in a first data memory (paragraph 59, paragraph 70), sending
the modified security association information to a second security processor
(paragraphs 60, 65, 66, 70, 74), and storing, by the second security processor, the
modified security association information in a second data memory (paragraphs 59, 60,
65, 66, 70). More of this is taught in paragraphs 32-37, 70, 72, 74, and 76.

As per claim 25, Simon teaches generating at least one configuration packet 
including the security association information, wherein the sending step comprises 
sending the at least one configuration packet (paragraphs 54-55). 

As per claim 26, Simon teaches sending, by a host processor, configuration 
information to the first security processor and the second security processor 
(paragraphs 32-37, 55, 56, 57). 

As per claim 27, Simon teaches sending, by a host processor, security 
association configuration information to the first security processor and the second 
security processor (paragraphs 32-36, 37, 56, 66, 67). 

As per claim 28, Simon teaches updating security association information for at 
least one outbound packet (paragraphs 68-60, 79-80).

As per claim 38, Simon teaches a security processing system, comprising: a first
security processor for processing a first packet flow (paragraph 30-35, 37, 46, 70), 
updating security association information in response to the first packet flow 
(paragraphs 40, 59) and sending the updated security association information to a
second security processor (paragraphs 59, 60, 70); a second security processor for
processing a second packet flow (abstract, paragraph 70); updating a security
association information in response to the second packet flow (paragraphs 40, 59, 60,
70); and sending the updated security association to the first security processor
(paragraphs 40, 59, 60, and 70, wherein SA information is exchanged to the
corresponding routers); and at least one switch for routing the first packet flow and the
second packet flow to the first security processor and the second security processor
(paragraphs 43 and 62). (It is shown throughout the reference that the cryptographic
nodes and edge routers may assume the function of another cryptographic node and
edge router; SA information is constantly updated by the current nodes and routers, and
the SA information may be transferred between the edge routers/cryptographic nodes.)

As per claim 39, Simon teaches at least one host processor connected to the at 
least one switch for terminating or initiating the first packet flow and the second packet
flow (paragraph 43, Figure 3). 

As per claim 42, Simon teaches a security processing system, comprising: at 
least one host processor for establishing a first packet flow to a first security processor 
and a second packet flow to a second security processor (paragraph 32); a first security 
processor for updating a first set of security association information associated with the 
first packet flow (paragraphs 32-34; also 79, 80); and sending the updated first set of
security association information to a second security processor (paragraph 70); and a 
second security processor for updating a second set of security association information 
associated with the second packet flow (paragraphs 79 and 80, also paragraphs 32 and 
33; also paragraphs 63-66) (it is shown throughout the reference that the cryptographic
nodes and edge routers may assume the function of another cryptographic node and
edge router; SA information is constantly updated by the current nodes and routers, and
the SA information may be transferred between the edge routers/cryptographic nodes
repeatedly).

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 21-24 and 29-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Simon as applied above, and in view of Xiong et al. US Patent 
Application Publication 2003/0061507 (hereinafter Xiong). 

As per claim 21, Simon does not explicitly teach wherein the security association
information comprises at least one sequence number. However, this is taught by Xiong, 
such as in paragraph 23.

At the time of the invention, it would have been obvious to one of ordinary skill in
the art to include a sequence number with a security association. One of ordinary skill 
in the art would have been motivated to perform such an addition, as sequence
numbers are commonly associated with security associations. This is taught in
paragraph 23 of Xiong. Also, by incorporating sequence numbers, the transmissions
are more secure, as they prevent replay attacks (also found in paragraph 23). 

As per claim 22, Xiong teaches wherein the security association information 
comprises at least one byte count (paragraph 23). 

As per claim 23, Xiong teaches wherein the sending step further comprises 
repeatedly sending the security association information (paragraph 23, as sequence 
numbers are used to record each transmission). Further, Simon teaches this as well 
throughout the reference, such as in paragraphs 57, 60 and 66. 

As per claim 24, Xiong teaches wherein the sending step further comprises 
repeatedly sending the security association information at intervals according to at least 
one sequence number (paragraph 23; also Simon paragraphs 57, 60, and 66). 

As per claim 29, Simon teaches defining an interval at which to update the 
security association information in paragraphs 79-80. Xiong teaches defining a quantity 
to adjust a sequence number in paragraph 23. Xiong also teaches determining whether 
to send the security association information according to a comparison of a sequence 
number with the interval in paragraph 23. Although it does not teach a second 
processor, Simon teaches incorporating sending security associations to second 
security processors.

As per claim 30, Xiong teaches adding the quantity to the sequence number
before sending the security association information to the second security processor 
(paragraph 29 in combination with the Simon reference incorporating the second 
security processor). 

As per claim 31, Xiong teaches updating security association information for at
least one inbound packet (paragraphs 26-29 and Figure 6). 

As per claim 32, Xiong teaches defining a quantity to adjust a sequence number 
(paragraph 23); defining a width of a replay window (paragraph 23); and determining 
whether to send the security association information to the second security processor 
according to a comparison of a sequence number with the width (paragraph 23 with the 
combination of Simon). 

Claim 33 is rejected using the same basis of arguments used to reject claim 30
above.

As per claim 34, Xiong teaches sending replay window information to the second 
security processor (paragraph 23, in combination with the Simon reference 
incorporating the second security processor). 

9. Claims 40, 41, 43, and 44 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Simon as applied above, and in view of Rosenow et al. US Patent
No. 5,022,076 (hereinafter Rosenow).

As per claim 40, Simon teaches changing the routing of packet flow by either
routing the first packet flow to the second security processor instead of the first security 
processor or routing the second packet flow to the first security processor instead of the 
second security processor (paragraphs 72, 73, 75, 76, and 77). However, Simon does 
not explicitly teach wherein the one host processor changes the routing of the packet 
flow. However, routing processes from one processor to another processor is well 
known in the art, as taught by Rosenow. Rosenow teaches throughout the reference 
the routing of processes from one processor to another processor, such as in the 
abstract and in col. 23 lines 59 to col. 24 line 11.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Rosenow reference with the Simon reference. One of ordinary 
skill in the art would have been motivated to perform such an addition to provide more 
reliability by creating a fault tolerant system. This is taught throughout Rosenow, such
as in the abstract and col. 4 lines 15-61. 

As per claim 41, Rosenow teaches wherein the change in the routing is in
response to a failure of the first packet flow through the first security processor or the 
second flow through the second security processor (abstract; col. 23 line 59 to col. 24 
line 11). Also, this is taught in Simon's abstract, paragraph 79, and paragraph 95. 

Claim 43 is rejected using the same basis of arguments used to reject claim 40
above.

Claim 44 is rejected using the same basis of arguments used to reject claim 40
above (it routes to whatever processor is working).

Conclusion



10. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Jason K. Gee whose telephone number is (571) 272-6431.
The examiner can normally be reached on M-F, 7:00 am to 4:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3611. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). 



Jason Gee 
Patent Examiner 
Technology Center 2100 
08/05/2007 




